Abstract

Several usability issues (i.e., navigation, occlusion, selection, and text readability) affect the few 3D visualizations proposed to support developers on software engineering tasks. We observe that most 3D software visualizations are displayed on a standard computer screen, and hypothesize that displaying them in immersive augmented reality can help to (i) overcome usability issues of 3D visualizations, and (ii) increase their effectiveness to support software concerns. We investigate our hypothesis via a controlled experiment. In it, nine participants use 3D city visualizations displayed on a Microsoft HoloLens device to complete a set of software comprehension tasks. We further investigate our conjectures through an observational user study, in which the same participants of the experiment use a space-time cube visualization to analyze program executions. We collect data to (1) quantitatively analyze the effectiveness of visualizations in terms of user performance (i.e., completion time, correctness, and recollection), and user experience (i.e., difficulty, and emotions); and (2) qualitatively analyze how immersive augmented reality helps to overcome the limitations of 3D visualizations. We found that immersive augmented reality facilitates navigation and reduces occlusion, while performance is adequate, and developers obtain an outstanding experience. Selection and text readability still remain open issues.

Abstract

Virtual application stores for mobile platforms contain many malign and benign applications that exhibit security issues, such as the leaking of sensitive data. In recent years, researchers have proposed a myriad of techniques and tools to detect such issues automatically. However, it is unclear how these approaches perform compared to each other. The tools are often no longer available, thus comparing different approaches is almost infeasible.

Abstract

Android Inter-Component Communication (ICC) is complex, largely unconstrained, and hard for developers to understand. As a consequence, ICC is a common source of security vulnerability in Android apps. To promote secure programming practices, we have reviewed related research, and identified avoidable ICC vulnerabilities in Android-run devices and the security code smells that indicate their presence. We explain the vulnerabilities and their corresponding smells, and we discuss how they can be eliminated or mitigated during development. We present a lightweight static analysis tool on top of Android Lint that analyzes the code under development and provides just-in-time feedback within the integrated development environment (IDE) about the presence of such security smells in the code. Moreover, with the help of this tool we study the prevalence of security code smells in more than 700 open-source apps, and manually inspect around 15% of these apps to assess the extent to which identifying such smells uncovers ICC security vulnerabilities.

Abstract

Context: Software visualizations can help developers to analyze multiple aspects of complex software systems, but their effectiveness is often uncertain due to the lack of evaluation guidelines. Objective: We identify common problems in the evaluation of software visualizations with the goal of formulating guidelines to improve future evaluations. Method: We review the complete literature body of 387 full papers published in the SOFTVIS/VISSOFT conferences, and study 181 of those from which we could extract evaluation strategies, data collection methods, and other aspects of the evaluation. Results: Of the proposed software visualization approaches, 62% lack a strong evaluation. We argue that an effective software visualization should not only boost time and correctness but also recollection, usability, engagement, and other emotions. Conclusion: We call on researchers proposing new software visualizations to provide evidence of their effectiveness by conducting thorough (i) case studies for approaches that must be studied in situ, and when variables can be controlled, (ii) experiments with randomly selected participants of the target audience and real-world open source software systems to promote reproducibility and replicability. We present guidelines to increase the evidence of the effectiveness of software visualization approaches, thus improving their adoption rate.

Abstract

Object inspection in the Pharo IDE is currently focused on the individual object. The inspection of inter-object relationships is possible in a very limited way, making object set inspection difficult. Understanding the relationship between objects and sets of objects is an important debugging aid and facilitates proper code analysis. In order to efficiently understand code, a visualization of data structures in an interactive graph helps programmers get a thorough conceptual overview. This can save time during debugging as well as code analysis and maintenance. In this thesis a tool is presented that facilitates the visualization of object sets in a graph, in Pharo. The tool highlights the relationships between objects while also conveying important information about each individual object. The strengths of this framework are as follows. First, subgraphs persist over different graph renderings, making the comparison of similar sets easy and effectively presenting the set evolution. Second, the interactive graph and the ability to customize the visualization make it more understandable and useful to the user. By using this tool in Pharo, interesting visualizations can be created: since Pharo’s mantra is "everything is an object", we can also make graphs containing classes as elements and show the relationships between different classes. The tool facilitates node customization, giving the user the possibility to mold the visualization to fit their needs. For each object an individual node representation can be created. In this thesis we present a node customization for linked lists and for abstract syntax trees. Overall the tool is very intuitive and supports program understanding and debugging.